Five Eyes: Chinese Spies Target Government, Military Staff With Fake Job Opportunities
Security WeekArchived Jun 05, 2026✓ Full text saved
Posing as recruiters on online platforms, Chinese intelligence officers target personnel with access to classified or privileged information. The post Five Eyes: Chinese Spies Target Government, Military Staff With Fake Job Opportunities appeared first on SecurityWeek .
Full text archived locally
✦ AI Summary· Claude Sonnet
Chinese military intelligence officers are posing as recruiters in online campaigns targeting government and military personnel with access to sensitive information, the Five Eyes countries warn.
Using fake job announcements on professional networking sites and recruitment platforms, the Chinese spies impersonate think tanks, private consultancies, and HR firms, placing advertisements for positions such as foreign policy and defense analysts.
The fake recruitment process is meant to pressure candidates into revealing classified or privileged information.
“China’s military intelligence services ultimately seek to acquire privileged military, political and economic intelligence that can provide China with a strategic and tactical advantage over the Five Eyes,” the alert (PDF) reads.
The alert was authored by the United States’ FBI, the United Kingdom’s MI5, the Australian Security Intelligence Organisation, Canada’s Security Intelligence Service, and New Zealand’s Security Intelligence Service.
Using these tactics, China’s intelligence officers seek to establish long-term relationships with security clearance holders, military personnel, and individuals with indirect access to government information.
The campaigns are conducted on platforms such as LinkedIn, Indeed, and Upwork, and applicants’ resumes are ranked based on potential access to sensitive information.
Selected applicants are then contacted and invited to virtual interviews during which the recruiters conceal their identities and probe candidates about their access to government personnel.
Next, the “candidates are asked to write a trial report on a topic such as China’s bilateral relations, the Indo-Pacific region, and related defense issues, or international trade,” the alert reads.
The fake recruiters then inform the candidates that additional reports need to include more privileged information, and the communication is typically moved to supposedly more secure platforms, such as encrypted messaging services.
“Recruits receive anywhere from a few hundred to several thousand dollars per report, and may be offered more money in return for increasingly sensitive information. Payment methods include third-party payment platforms, such as PayPal, Payoneer, Zelle, Skrill, and Wise, as well as Western Union, e-transfer, and cryptocurrency,” the Five Eyes say.
Payments are typically received from the account of an individual who was not involved in the recruitment process.
According to the alert, even unclassified information provided by candidates is likely collected and combined with more sensitive data.
“Certain types of data can place the lives of frontline military or other personnel at risk, can weaken our economic prosperity, and enable interference in our democratic processes,” the alert reads.
Additionally, applicants risk the compromise of their personal information contained within resumes, and could face various consequences for disclosing classified information, such as prosecution for espionage, job loss, and security-clearance revocation.
Noting that the tactic is not new, Exabeam’s Steve Povolny pointed to the scale and precision that professional networking platforms are bringing to the approach. Used as intelligence collection environments, these platforms allow spies to recruit individuals without leaving their desks.
“The larger lesson is that the insider threat is no longer confined to employees intentionally stealing secrets. Adversaries are targeting the vast ecosystem surrounding sensitive information, including contractors, former government personnel, academics, researchers, journalists, and industry experts who may possess only fragments of valuable knowledge,” Povolny commented.
“In an era of data aggregation, even information that appears unclassified in isolation can become strategically significant when combined with other sources. The most successful espionage operations today don’t begin with a breach of technology. They begin with a conversation, a networking request, or a job offer that seems entirely legitimate,” he added.
Related: FBI: Hackers Sending Operatives in Person to Insert USB Drives and Steal Data
Related: FBI Warns of Surge in Hacker-Enabled Cargo Theft
Related: FBI: Cybercrime Losses Neared $21 Billion in 2025
Related: FBI Warns of Data Security Risks From China-Made Mobile Apps
WRITTEN BY
Ionut Arghire
Ionut Arghire is an international correspondent for SecurityWeek.
More from Ionut Arghire
Mirasvit Vulnerability Exploited to Execute Code on Magento Servers
Chinese Cybercrime Group in Spotlight for Record Campaign Pace
Over 1.4 Million Accounts Disrupted in Cybercrime Crackdown
Cisco Warns of Available PoC for Critical Unified CM Vulnerability
Kirki, Burst Statistics WordPress Plugin Flaws in Attackers’ Crosshairs
IMA Diligence Services Data Breach Impacts 525,000 People
Organizations Warned of Exploited Linux Kernel Vulnerability
‘HTTP/2 Bomb’ Exploit Knocks Web Servers Offline in Seconds
Latest News
Hackers Leak DentaQuest Information Impacting 2.6 Million
Chrome 149 Patches 429 Vulnerabilities
Industry Reactions to New Trump AI Cybersecurity Executive Order: Feedback Friday
Nightclub Giant RCI Says Data Breach Affects 40,000 Individuals
Cisco Warns of 7th SD-WAN Zero-Day Exploited in 2026
Offroad Emerges From Stealth With $7 Million to Tackle Enterprise Identity Risk
Webinar Today: Third-Party Risk in Practice – Where Programs Break Down and How to Respond
Willow Raises $7 Million for Securing Autonomous AI Agents
Trending
Webinar: Third-Party Risk In Practice
June 4, 2026
Organizations are investing heavily in third-party risk management, but breaches, delays, and blind spots continue to persist. Join this live webinar as we examine the gap between how organizations think their third-party risk programs are performing and what’s actually happening in practice.
Register
Virtual Roundtable: CISO Forum 2026 Mid-Year Review
June 10, 2026
Explore how attackers are using AI to scale threats and how security teams can respond with AI-driven defenses. Protecting against unmonitored use of generative AI (Shadow AI) in business units and building and enforcing AI governance frameworks.
Register
People on the Move
Cyera has appointed Naveen Palavalli as Chief Marketing Officer.
Connie Devine has been promoted to Chief Information Security Officer at Phillips 66.
Jeff Lunglhofer becomes Chief Security Officer at Coinbase, replacing Philip Martin.
More People On The Move
Expert Insights
The Zero-Knowledge Threat Actor And The End Of Responsible Disclosure
AI can help attackers generate malware, create malicious payloads, bypass simple security checks, and convert vague malicious intent into functional code. (Etay Maor)
Raising The Cybersecurity Stakes: Ante Up For The Agentic Era
CISOs are now facing machine-speed attacks and asking, “How do I agent?” The industry must provide remediation at scale. (Nadir Izrael)
Caught Off Guard: Securing AI After It Hits Production
As enterprises rush AI projects into production, security teams are increasingly being forced into reactive mode. (Joshua Goldfarb)
Cyber Resilience Is The New Business Continuity Plan
The organizations best prepared to face disruption are those that align security, continuity and risk management around what the business cannot afford to lose. (Steve Durbin)
Enhancing Data Center Security Without Sacrificing Performance
For AI data centers, where the stakes are the highest and performance constraints are the tightest, security and performance are no longer a zero-sum game. (Nadir Izrael)
Flipboard
Reddit
Whatsapp
Email